风险管理【外文翻译】

风险管理【外文翻译】

外文文献翻译译文

一、外文原文

原文：

Risk Management

This chapter reviews and discusses the basic issues and principles of risk management, including: risk acceptability (tolerability); risk reduction and the ALARP principle; cautionary and precautionary principles. And presents a case study showing the importance of these issues and principles in a practical management context. Before we take a closer look, let us briefly address some basic features of risk management.

The purpose of risk management is to ensure that adequate measures are taken to protect people, the environment, and assets from possible harmful consequences of the activities being undertaken, as well as to balance different concerns, in particular risks and costs. Risk management includes measures both to avoid the hazards and to reduce their potential harm. Traditionally, in industries such as nuclear, oil, and gas, risk management was based on a prescriptive regulating regime, in which detailed requirements were set with regard to the design and operation of the arrangements. This regime has gradually been replaced by a more goal-oriented regime, putting emphasis on what to achieve rather than on the means of achieving it.

Risk management is an integral aspect of a goal-oriented regime. It is acknowledged that risk cannot be eliminated but must be managed. There is nowadays an enormous drive and enthusiasm in various industries and in society as a whole to implement risk management in organizations. There are high expectations that risk management is the proper framework through which to achieve high levels of performance.

Risk management involves achieving an appropriate balance between realizing opportunities for gain and minimizing losses. It is an integral part of good management practice and an essential element of good corporate governance. It is an

风险管理【外文翻译】

iterative process consisting of steps that, when undertaken in sequence, can lead to a continuous improvement in decision-making and facilitate a continuous improvement in performance.

To support decision-making regarding design and operation, risk analyses are carried out. They include the identification of hazards and threats, cause analyses, consequence analyses, and risk descriptions. The results are then evaluated. The totality of the analyses and the evaluations are referred to as risk assessments. Risk assessment is followed by risk treatment, which is a process involving the development and implementation of measures to modify the risk, including measures designed to avoid, reduce (“optimize”), transfer, or retain the risk. Risk transfer means sharing with another party the benefit or loss associated with a risk. It is typically affected through insurance. Risk management covers all coordinated activities in the direction and control of an organization with regard to risk.

In many enterprises, the risk management tasks are divided into three main categories: strategic risk, financial risk, and operational risk. Strategic risk includes aspects and factors that are important for the enterprise’s long-term strategy and plans, for example mergers and acquisitions, technology, competition, political conditions, legislation and regulations, and labor market. Financial risk includes the enterprise’s financial situation, and includes: Market risk, associated with the costs of goods and services, foreign exchange rates and securities (shares, bonds, etc.). Credit risk, associated with a debtor’s failure to meet its obligations in accordance with agreed terms. Liquidity risk, reflecting lack of access to cash; the difficulty of selling an asset in a timely manner. Operational risk is related to conditions affecting the normal operating situation: Accidental events, including failures and defects, quality deviations, natural disasters. Intended acts; sabotage, disgruntled employees, etc. Loss of competence, key personnel. Legal circumstances, associated for instance, with defective contracts and liability insurance.

For an enterprise to become successful in its implementation of risk management, top management needs to be involved, and activities must be put into effect on many levels. Some important points to ensure success are: the establishment of a strategy

风险管理【外文翻译】

for risk management, i.e., the principles of how the enterprise defines and implements risk management. Should one simply follow the regulatory requirements (minimal requirements), or should one be the “best in the class”? The establishment of a risk management process for the enterprise, i.e. formal processes and routines that the enterprise is to follow. The establishment of management structures, with roles and responsibilities, such that the risk analysis process becomes integrated into the organization. The implementation of analyses and support systems, such as risk analysis tools, recording systems for occurrences of various types of events, etc. The communication, training, and development of a risk management culture, so that the competence, understanding, and motivation level within the organization is enhanced. Given the above fundamentals of risk management, the next step is to develop principles and a methodology that can be used in practical decision-making. This is not, however, straightforward. There are a number of challenges and here we address some of these: establishing an informative risk picture for the various decision alternatives, using this risk picture in a decision-making context. Establishing an informative risk picture means identifying appropriate risk indices and assessments of uncertainties. Using the risk picture in a decision making context means the definition and application of risk acceptance criteria, cost benefit analyses and the ALARP principle, which states that risk should be reduced to a level which is as low as is reasonably practicable.

It is common to define and describe risks in terms of probabilities and expected values. This has, however, been challenged, since the probabilities and expected values can camouflage uncertainties; the assigned probabilities are conditional on a number of assumptions and suppositions, and they depend on the background knowledge. Uncertainties are often hidden in this background knowledge, and restricting attention to the assigned probabilities can camouflage factors that could produce surprising outcomes. By jumping directly into probabilities, important uncertainty aspects are easily truncated, and potential surprises may be left unconsidered.

Let us, as an example, consider the risks, seen through the eyes of a risk analyst

风险管理【外文翻译】

in the 1970s, associated with future health problems for divers working on offshore petroleum projects. The analyst assigns a value to the probability that a diver would experience health problems (properly defined) during the coming 30 years due to the diving activities. Let us assume that a value of 1 % was assigned, a number based on the knowledge available at that time. There are no strong indications that the divers will experience health problems, but we know today that these probabilities led to poor predictions. Many divers have experienced severe health problems (Avon and Vine, 2007). By restricting risk to the probability assignments alone, important aspects of uncertainty and risk are hidden. There is a lack of understanding about the underlying phenomena, but the probability assignments alone are not able to fully describe this status.

Several risk perspectives and definitions have been proposed in line with this realization. For example, Avon (2007a, 2008a) defines risk as the two-dimensional combination of events/consequences and associated uncertainties (will the events occur, what the consequences will be). A closely related perspective is suggested by Avon and Renan (2008a), who define risk associated with an activity as uncertainty about and severity of the consequences of the activity, where severity refers to intensity, size, extension, scope and other potential measures of magnitude with respect to something that humans value (lives, the environment, money, etc.). Losses and gains, expressed for example in monetary terms or as the number of fatalities, are ways of defining the severity of the consequences. See also Avon and Christensen (2005).

In the case of large uncertainties, risk assessments can support decision-making, but other principles, measures, and instruments are also required, such as the cautionary/precautionary principles as well as robustness and resilience strategies. An informative decision basis is needed, but it should be far more nuanced than can be obtained by a probabilistic analysis alone. This has been stressed by many researchers, e.g. Apostolicism (1990) and Apostolicism and Lemon (2005): qualitative risk analysis (QRA) results are never the sole basis for decision-making. Safety- and security-related decision-making is risk-informed, not risk-based. This conclusion is

风险管理【外文翻译】

not, however, justified merely by referring to the need for addressing uncertainties beyond probabilities and expected values. The main issue here is the fact that risks need to be balanced with other concerns.

When various solutions and measures are to be compared and a decision is to be made, the analysis and assessments that have been conducted provide a basis for such a decision. In many cases, established design principles and standards provide clear guidance. Compliance with such principles and standards must be among the first reference points when assessing risks. It is common thinking that risk management processes, and especially ALARP processes, require formal guidelines or criteria (e.g., risk acceptance criteria and cost-effectiveness indices) to simplify the decision-making. Care must; however, be shown when using this type of formal decision-making criteria, as they easily result in a mechanization of the decision-making process. Such mechanization is unfortunate because: Decision-making criteria based on risk-related numbers alone (probabilities and expected values) do not capture all the aspects of risk, costs, and benefits, no method has a precision that justifies a mechanical decision based on whether the result is over or below a numerical criterion. It is a managerial responsibility to make decisions under uncertainty, and management should be aware of the relevant risks and uncertainties.

Apostolicism and Lemon (2005) adopt a pragmatic approach to risk analysis and risk management, acknowledging the difficulties of determining the probabilities of an attack. Ideally, they would like to implement a risk-informed procedure, based on expected values. However, since such an approach would require the use of probabilities that have not been “rigorously derived”, they see themselves forced to resort to a more pragmatic approach.

This is one possible approach when facing problems of large uncertainties. The risk analyses simply do not provide a sufficiently solid basis for the decision-making process. We argue along the same lines. There is a need for a management review and judgment process. It is necessary to see beyond the computed risk picture in the form of the probabilities and expected values. Traditional quantitative risk analyses fail in

风险管理【外文翻译】

this respect. We acknowledge the need for analyzing risk, but question the value added by performing traditional quantitative risk analyses in the case of large uncertainties. The arbitrariness in the numbers produced can be significant, due to the uncertainties in the estimates or as a result of the uncertainty assessments being strongly dependent on the analysts.

It should be acknowledged that risk cannot be accurately expressed using probabilities and expected values. A quantitative risk analysis is in many cases better replaced by a more qualitative approach, as shown in the examples above; an approach which may be referred to as a semi-quantitative approach. Quantifying risk using risk indices such as the expected number of fatalities gives an impression that risk can be expressed in a very precise way. However, in most cases, the arbitrariness is large. In a semi-quantitative approach this is acknowledged by providing a more nuanced risk picture, which includes factors that can cause “surprises” relative to the probabilities and the expected values. Quantification often requires strong simplifications and assumptions and, as a result, important factors could be ignored or given too little (or too much) weight. In a qualitative or semi-quantitative analysis, a more comprehensive risk picture can be established, taking into account underlying factors influencing risk. In contrast to the prevailing use of quantitative risk analyses, the precision level of the risk description is in line with the accuracy of the risk analysis tools. In addition, risk quantification is very resource demanding. One needs to ask whether the resources are used in the best way. We conclude that in many cases more is gained by opening up the way to a broader, more qualitative approach, which allows for considerations beyond the probabilities and expected values.

The traditional quantitative risk assessments as seen for example in the nuclear and the oil & gas industries provide a rather narrow risk picture, through calculated probabilities and expected values, and we conclude that this approach should be used with care for problems with large uncertainties. Alternative approaches highlighting the qualitative aspects are more appropriate in such cases. A broad risk description is required. This is also the case in the normative ambiguity situations, as the risk characterizations provide a basis for the risk evaluation processes. The main concern

风险管理【外文翻译】

is the value judgments, but they should be supported by solid scientific assessments, showing a broad risk picture. If one tries to demonstrate that it is rational to accept risk, on a scientific basis, too narrow an approach to risk has been adopted. Recognizing uncertainty as a main component of risk is essential to successfully implement risk management, for cases of large uncertainties and normative ambiguity.

A risk description should cover computed probabilities and expected values, as well as: Sensitivities showing how the risk indices depend on the background knowledge (assumptions and suppositions); Uncertainty assessments; Description of the background knowledge, including models and data used.

The uncertainty assessments should not be restricted to standard probabilistic analysis, as this analysis could hide important uncertainty factors. The search for quantitative, explicit approaches for expressing the uncertainties, even beyond the subjective probabilities, may seem to be a possible way forward. However, such an approach is not recommended. Trying to be precise and to accurately express what is extremely uncertain does not make sense. Instead we recommend a more open qualitative approach to reveal such uncertainties. Some might consider this to be less attractive from a methodological and scientific point of view. Perhaps it is, but it would be more suited for solving the problem at hand, which is about the analysis and management of risk and uncertainties.

Source: Terje Aven. 2010. “Risk Management”. Risk in Technological Systems, Oct,

p175-198.

二、翻译文章

译文：

风险管理

本章回顾和讨论风险管理的基本问题和原则，包括：风险可接受性（耐受性）、风险削减和安全风险管理原则、警示和预防原则，并提出了一个研究案例，说明

风险管理【外文翻译】

在实际管理环境中这些问题和原则的重要性。这需要我们的深入研究，在此之前，让我们简单谈谈风险管理的一些基本特征。

风险管理的目的是：在现时事件产生有害后果时，及时采取适当的措施以确保人类，环境和资产的安全，以及平衡人们的不同关注取向，特别是风险和成本。风险管理包括两种措施，控制危险源和减少潜在的危害。传统上，诸如核能，石油和天然气产业，风险管理主要是依靠规范监管制度来管理的，这项制度对设计和操作的安排提出了系统性的要求。但是渐渐的，这一制度已被一项更加标准化的制度所取代，此制度是强调要取得的成果而不是如何实现这些成果的手段。

风险管理是标准化制度的一个组成部分。风险不能消除，只能加以控制改善，这是被人们所公认的。现在有一项具有巨大驱动力和感召力的措施正应运而生，它将不同产业和社会作为一个整体来实施组织风险管理。风险管理是一项适当的措施，人们对于用它来实现高产值有很大的期望。

风险管理包括可认识到的实现增益的机会和损失的最小化，并且在它们之间实现适当的平衡。这是一个组织构成良好有效的管理实践的基本要素。这是一个由递进步骤组成的反复的过程，按顺序进行时，能不断提高决策正确性并且促进产值的不断增长。

为了支持决策方面的设计和操作，需要进行风险分析。它们包括危害物和威胁识别，成因分析，结果分析和风险描述鉴定，然后评估结果。所有的分析和评估将被作为风险评估。其次是风险评估的处理办法，这是一个过程，涉及开发和实施措施来缓和风险，措施包括避免，减少（“优化”），转移或保留风险。风险转移意味着与另一方共同享有利益或承担由于损失造成的风险。它最典型的是受保险的影响。风险管理涵盖了所有协调活动的方向目标和风险组织。

在许多企业中，风险管理的任务分为三大类：战略风险，财务风险和经营风险。战略风险包括对于企业的长期战略和计划起重要作用的方面和因素，例如兼并和收购，技术，竞争，政治环境，法律和法规，以及劳工市场。财务风险包括影响企业财务状况的因素，包括：市场风险，商品和服务，外汇汇率和证券的相关成本（股票，债权等）；信用风险，与债务人没有按照其约定的有关条款履行义务；流动性风险，反映现金缺乏时，及时出售资产的困难。操作风险是有关条件影响正常工作的情况：意外的事件，包括故障和缺陷，质量差，自然灾害；预

风险管理【外文翻译】

期行为，破坏，心怀不满的雇员等；丧失竞争力，关键人员；与法律环境下相关的，例如有缺陷合同及责任保险。

一个企业要成功实施风险管理，需要高层管理人员参与，活动必须落实在许多层面上。确保成功的要点是一个风险管理战略的确立，例如企业如何定义和实施风险管理的原则。难道仅仅只需遵照监管要求（最低要求），或追求“成为最好的”？企业风险管理过程的建立，包括企业贯彻的正式流程和常规。建立管理结构，包括角色和责任分配，这样，风险分析过程和组织融为一体。分析和支持系统的实施，如风险工具分析，执行，记录系统各种类型的事件的发生等。沟通，培训和发展风险管理文化，这样，组织的能力，理解和动机水平得到增强。实施了上述风险管理的基础原则后，下一步是制定可用于实际决策中的原则和方法。然而，这并不是那么简单，还有一系列的挑战，在这里我们列举其中一些：为不同的风险选择建立一个丰富的风险信息平台，将其运用到风险决策环境中。这意味着正确认识不确定因素的风险指数和风险评估。在风险决策方面则意味着接受风险的定义和准则，成本效益分析和安全风险管理原则，风险应该降低到实际合理的最低水平。

定义和描述关于风险的概率和预期性价值是常见的现象。然而，这受到了挑战，因为概率和预期值的不确定性是隐蔽的。概率的分配都是有条件的基于数量的简单假设和推测，他们依据的是背景知识。不确定性往往是隐藏在这个背景知识后面，注意限制性是由于给定的概率而产生的，这些因素的隐蔽性可能产生令人惊讶的结果。直接考虑到了重要的不确定性因素容易被阻隔的可能性，而潜在的惊喜可能会是你不曾考虑到的。

让我们举一个例子，通过20世纪70年代风险分析师分析海上石油项目工作的有关潜水员未来健康的问题来考虑风险。该分析师对潜水员在未来30年中将经历的由于潜水活动而产生的健康问题（正确的定义）分配一个价值概率。让我们假设1%的价值被分配，以当时的知识为基础是合适的。没有强烈的迹象表明潜水员会遇到健康问题，但在今天我们知道这些概率导致了较少的预测。许多潜水员们已出现了严重的健康问题（Avon和Vine，2007）。通过限制单独作业风险的概率，不确定性和风险的重要方面被隐藏了。由于对深层次的现象缺乏了解，单独作业的概率不能充分描述这种状态。

风险管理【外文翻译】

一些危险的观点和定义已被提出并且已被证实符合这个现实。例如，Avon（2007a，2008a）把风险定义为事件/后果和相关不确定性的二维组合（将发生的事件，后果将是什么）。Avon和Renan（2008a）建议从一个密切相关的角度将风险定义为有关不确定性活动及其产生的严重后果，其严重性是指强度，大小，扩展，范围和其他潜在的关于人类价值（生活，环境，金钱等）的大小措施。损失和收益，例如以货币形式或死亡人数表述的，是界定后果的严重程度的方法。另见Avon和Christensen（2005）。

在具有较大不确定性的情况下，风险评估可以支持决策，但其他原则，措施和手段也需要，如警示、预防原则，以及鲁棒性和弹性战略。决策依据的信息是必要的，但应比单独通过概率分析所得到的更加细微化。这一点被许多研究者所强调，如Apostolicism （1990）和Apostolicism与Lemon（2005）：定性分析（QRA）的结果永远不是决策的唯一基础。安全和与安全相关的决策是风险告知，而不是基于风险的。这个结论仅仅是通过一些超出预期值的概率的需求来确定的，是不确切的。这里的主要问题是，风险需要与其他关注相平衡。

当各种解决方案和措施被进行比较并作出决定时，分析和已进行的评估提供了这样一个决定性的依据，在许多情况下，已有的设计原则和标准提供了明确的指导。这些原则和标准必须成为首批评估风险的参考点。这是常见的思维，风险管理流程，特别是安全风险管理过程，需要正规或标准指导（例如风险，验收标准和成本效益指数），以简化决策。值得注意的是，当使用这种类型的决策标准时要进行陈列，因为它们很容易导致决策过程机械化。这种机械化是不好的，因为：决策标准基于风险有关的数字本身（概率和预期值）并不能捕获所有方面的风险，成本和效益。没有方法精确证明机械化结果是否超过或低于标准的基础数值。在不确定性条件下做出决策属于管理责任，管理应该意识到有关的风险和不确定性。

Apostolicism 和Lemon（2005）采取务实的态度进行风险分析和风险管理，承认确定攻击的概率是困难的。理想的情况下，他们想根据预期值实行风险告知程序，但是，因为这种做法需要将尚未使用的概率“严格推导”，他们被迫采取更务实的态度。

当面临很大的不确定性问题时这是一个可行的方法。风险分析根本就没有为

风险管理【外文翻译】

决策过程提供一个充分坚实的基础。我们认为沿着同样的思路来考虑，这需要一个管理审查和判断需要的过程。要看到，它超出了在概率和预期值下计算风险图的形式，传统的定量风险分析的失败就在于此。我们认识到风险分析的需要，但问题是在很大的不确定性情况下执行传统的定量风险分析的价值增值。由于预算的不确定性，或作为一种不确定性评估结果被分析师强烈依赖，产能的任意性是显著的。

应当承认，风险无法准确表示概率和预期值的使用。如上面的例子所示，定量风险分析在许多情况下被一个更为定性的方法所取代，一个可称为半定量方法的方法。量化风险利用预期的死亡人数等风险指数，提供了一个风险可以用非常精确的方式表达的印象。然而，在大多数情况下，它的随意性大。在一个半定量的方法中，这是公认的提供了更细致入微的风险图片，包括相对于概率和预期值可能会导致“意外”的因素。量化往往需要强有力的简化和假设，因此，重要的因素可能被忽略或给予太少（或太多）的关注。定性或半定量分析中，更全面的风险图片可以在考虑到潜在的风险影响因素时成立。与广泛使用的定量风险分析相反，它们对风险描述的精确度与风险工具分析的准确性是一致的。此外，风险量化的资源非常苛刻，需要检查资源是否以最好的方式被使用。我们的结论是：在很多情况下更多的是通过更广泛的开发方式，更注重质量的办法获得资源，它允许考虑超出概率和预期值。

从传统的定量风险评估看，例如在核和石油及天然气行业通过计算概率和预期值，提供了比较狭窄的风险图片，我们认为这种方法具有很大的不确定性问题，应该谨慎使用。替代办法突出了质量方面的问题在这种情况下更合适，一个广泛的风险描述是必需的。这也是含糊不清的情况在规范的情况下，风险特征提供了风险评估进程的基础。主要关注的是价值判断，他们通过坚实的科学评估，试图证明他们对过于狭窄的风险方法已采纳，是在科学的基础上合理的接受风险，显示了风险情况应该得到广泛的支持。承认在有较大的不确定性和规范有含糊之处的案件中，不确定性作为风险的主要组成部分是成功实施风险管理必不可少的。

一个描述风险的内容应包括计算概率和预期值，以及敏感性风险显示指数如何依背景知识（假设和推测）而定；不确定性评估；背景知识说明，包括模型和数据使用。

风险管理【外文翻译】

这种不确定性评估不应局限于标准的概率分析，这种分析可能隐藏重要的不确定性因素。这种定量搜索，明确表达了不确定性的方法，甚至超越了主观概率，似乎是值得考虑的方向。然而，这种做法是不推荐的。试图精确和准确地表达什么是极不确定是没有意义的。相反，我们推荐一个更开放的定性方法去揭示这种不确定性。有些人可能认为从科学的角度和方法来说这是缺乏吸引力的，也许是，但它更适合于解决当前的问题，分析有关管理风险和不确定性。

出处:泰耶·艾文.

.技术系统风险，2010（10）:P175-198. 《风险管理》

本文来源：https://www.bwwdw.com/article/wnc1.html